NZ bank adds security online

Page Tools

ASB and Bank Direct's internet banking customers will need to
have their cellphone close to hand if they want to use the net to
transfer more than $2500 into another account from December.

ASB technology and operations group general manager Clayton
Wakefield announced the banks would be the first in New Zealand to
implement a "two factor authentication" system to shut out online
fraudsters, unveiling details of the service on Friday.

After logging on to internet banking, customers who want to
remit more than $2500 into a third party account will receive an
eight-digit text message to their cellphone, which they will need
to enter online within three minutes to complete the
transaction.

The service, Netcode, was developed using technology from US
firm RSA Security. It should ensure fraudsters can't raid people's
bank accounts simply by finding out their password and log-in.

This is because they would also need the customer's cellphone to
obtain the eight-digit code.

Police e-crime manager Maarten Kleintjes says Netcode is a huge
step forward. "It's really bad news for cybercrooks. They might as
well go home and do something else."

Kleintjes says it is "inevitable" other banks will follow and
introduce two-factor security systems of their own, either using
cellphones or alternative technologies.

ASB and Bank Direct customers will pay 25 cents each time a code
has to be sent to their cellphone, and will be able to use it for
the duration of their internet session.

Wakefield says the charge covers the cost of sending the text
message and other infrastructure costs that the bank incurred
setting up the system.

If customers want to pay someone more than $2500 without using a
cellphone, then they will have to use an alternative such as phone
banking. They will be able to set a lower limit on
transactions.

"The reason we chose the $2500 is the trade off between
convenience and risk which we see," says Mr Wakefield.

"The experience overseas is fraudsters look for bigger
transactions and, at that level, it prohibits them from getting
interested."